Correct delivery of emails can be a real headache for a company that needs to stay in touch with its customers and suppliers. Major email operators are making it increasingly difficult for these deliveries to be made to the Inbox, in the name of fighting fraudulent emails.
What is DMARC?
DMARC is a technical mechanism that allows the email administrator of a domain to indicate to the administrators of other domains what to do if the validation of the message's origin server fails.
DMARC relies on two other mechanisms: SPF and DKIM. SPF is a public announcement of which mail servers are authorized to send messages on behalf of a particular domain; DKIM is a mechanism for signing france business email list individual messages using an asymmetric encryption system.
The combined use of SPF and DKIM makes it possible to validate : a) the origin server; and b) that each individual message actually comes from that origin server.
DMARC consists of publishing a suggested policy for handling messages if they fail one of the two previous validations. What should you do if the incoming message does not come from one of the authorized servers in SPF? What should you do if the message does not pass the DKIM signature check? Where should you direct the delivery reports for these transactions?
Both SPF, DKIM, and DMARC use DNS TXT records to make your information public.
You may also be interested in:
Email Deliverability: SPF, DKIM, and DMARC
Learn more about: SPF , DKIM , DMARC
Why are GMail and Yahoo! Mail starting to require DMARC for inbound message delivery?
The mandatory use of these mechanisms acts as an effective filter for a large portion of the fraudulent messages that are sent every day to these large email service providers (ESPs).
If you receive a message claiming to come from a bank's domain, but the email server delivering it is not one of those publicly authorized to serve messages from the bank's domain, you can't help but suspect that the message may be fraudulent.
This is not a mechanism that solves all problems related to fraudulent email, because the message may contain a literal indication of an origin, but be sent from an unrelated email address:
De: Banco Superguay <[email protected]> ✔
However, it does prevent someone from using any mail server to send in the name of the bank's domain, which can cause the recipient of the message to give credibility to the message:
De: Banco Superguay <[email protected]> ✖
As of February 1, 2024 , both GMail and Yahoo! Mail have announced that only with proper DMARC/DKIM/SPF configuration can the delivery of messages from sources (domains) that distribute more than 5,000 messages per day be guaranteed. The rest of the messages can be rejected, sent directly to the Spam folder, or marked as fraudulent.
Phishing campaigns are naturally mass campaigns, targeting many thousands of recipients, and are candidates for being affected by the new requirements of large ESPs, but once the good results of the new restrictions have been proven, it is easy for the measures to be extended to lower delivery volumes as well.
On the other hand, these new measures are part of a trend in recent years of the large ESPs to suffocate any other email service provider with their requirements, de facto setting the standards and leaving smaller competitors and independent operators out of the market. One of the initiatives that abound in this trend is the implementation of BIMI ( Brand Indicators for Message Identification ).
How can this affect the delivery of my messages?
If your email domain is not configured correctly and your daily message delivery volume is small, the February 1, 2024 deadline should not be of immediate concern to you.
However, the correct configuration of your email services should be of great importance to any organization , since the opposite can lead to negative consequences:
Outgoing messages are not delivered;
Let them be delivered, but always end up in the Spam folder;
That they are labeled as suspicious or fraudulent in the recipient's mailbox, with the consequences that this has for your organization's image.
If your organization is larger, or if you maintain a high volume of email sending, or if you use email distribution lists , for example for email marketing campaigns, you should mark this date in red on your calendar, because these large ESPs host a significant number of email addresses, both business and personal – and therefore your customers – and it is very possible that delivery problems will begin to appear.
With the demands for email delivery set to increase sooner rather than later, you may want to make a mental note to ensure that your email services are in good health and your messages are safely delivered to their destination.
What can I do to prevent my emails from being undelivered or going to Spam?
Setting up your DNS and email services, and performing delivery tests, are tasks of a deeply technical nature, which should be carried out by specialists. If you are not one, your best bet is to contact someone who has the knowledge and experience required for this task.
